David Morris wrote:
> It seems to me that if there is a known security exposure for applications
> built on HTTP, then the httpbis document should at the minimum note the
> issue and provide a reference to the details. Seems like appropriate
> content for the security section.
My understanding was that that security risk is not specific to content
transported over HTTP at all -- so I'd rather not talk about it in
*this* document.
BR, Julian